Common Vulnerabilities and Exposures by NIST

CVE-2014-4725 N/A

2014-07-27 2014-07-27

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4726 N/A

2014-07-27 2014-07-27

Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4857 N/A

2014-07-26 2014-07-26

Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4971 N/A

2014-07-26 2014-07-26

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-2625 N/A

2014-07-26 2014-07-26

Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-2626 N/A

2014-07-26 2014-07-26

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
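The two HP Network Virtualization entries above (CVE-2014-2625, a read through storedNtxFile, and CVE-2014-2626, a write through toServerObject) are the same defect class in both directions: a caller-supplied name is joined onto a storage directory and used as-is. The following is an added example, not code from HP, ZDI or NVD, showing the unsafe concatenation next to a containment check that canonicalises the joined path and confirms it still lies under the store before either reading or writing. The store directory, the `.ntx` file name and the sample contents are constructed for the demonstration.

```python
import os
import tempfile


def vulnerable_resolve(base_dir: str, untrusted_name: str) -> str:
    """The pattern behind both CVEs: concatenate and trust.
    '../x' walks out of base_dir; an absolute name makes os.path.join drop base_dir entirely."""
    return os.path.join(base_dir, untrusted_name)


def resolve_under(base_dir: str, untrusted_name: str) -> str:
    """Return the canonical path for untrusted_name inside base_dir, or raise ValueError.

    Absolute names are rejected up front. The joined path is canonicalised with
    realpath (which normalises '..' segments and follows symlinks) and must share
    the store directory as its common prefix; resolving to the store itself is
    also rejected because a file, not the directory, is expected.
    (POSIX path semantics are assumed; backslashes are ordinary characters here.)
    """
    if not untrusted_name or os.path.isabs(untrusted_name):
        raise ValueError(f"rejected path: {untrusted_name!r}")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, untrusted_name))
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes store: {untrusted_name!r}")
    return candidate


def store_write(base_dir: str, name: str, data: bytes) -> str:
    """Write-side use (the toServerObject case): create the file only inside the store."""
    path = resolve_under(base_dir, name)
    os.makedirs(os.path.dirname(path), exist_ok=True)  # parent is inside the store by construction
    with open(path, "wb") as f:
        f.write(data)
    return path


def store_read(base_dir: str, name: str) -> bytes:
    """Read-side use (the storedNtxFile case)."""
    with open(resolve_under(base_dir, name), "rb") as f:
        return f.read()


def run_demo() -> dict:
    """Exercise both sides against constructed inputs in a throwaway store directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "store")  # hypothetical store directory
        os.makedirs(base)

        # Legitimate use: a file in a subdirectory of the store, written then read back.
        store_write(base, "profiles/lab.ntx", b"constructed sample")
        results["roundtrip"] = store_read(base, "profiles/lab.ntx")

        # The unsafe join produces a path outside the store for a traversal name.
        naive = os.path.normpath(vulnerable_resolve(base, "../outside.txt"))
        results["naive_stays_inside"] = naive.startswith(base + os.sep)

        # The containment check rejects every escape attempt.
        for name in ["../outside.txt", "profiles/../../outside.txt", "/etc/passwd", "."]:
            try:
                resolve_under(base, name)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

Canonicalising before the prefix comparison matters: a plain string check such as `name.startswith("..")` misses `profiles/../../outside.txt`, and a comparison done on the un-resolved join misses symlinks inside the store that point outside it.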

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-2966 N/A

2014-07-26 2014-07-26

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
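The Resin entry above describes a filter-bypass class rather than a filter bug: an input check for `<` and `>` is applied to the Unicode text, and a later ISO-8859-1 encoding step then manufactures those very bytes from code points the check never looked at. The page does not say which transformation Resin's encoder applied, so the added example below (not Resin's code, not from the advisory) shows two illustrative ways an encoder can do this, low-byte truncation and compatibility folding, beside a strict encoder that can never turn a non-ASCII code point into a syntactically significant ASCII byte. The payloads are constructed for the demonstration.

```python
import unicodedata

MARKUP_CHARS = set("<>\"'&")


def naive_filter_passes(text: str) -> bool:
    """Input-side XSS check: rejects the ASCII characters an HTML injection needs.
    It inspects the Unicode text, not the bytes that are eventually emitted."""
    return not any(c in MARKUP_CHARS for c in text)


def lossy_truncate_encode(text: str) -> bytes:
    """Illustrative broken 'ISO-8859-1' encoder: keeps only the low byte of each code point.
    U+013C (l with cedilla) becomes 0x3C '<'; U+013E (l with caron) becomes 0x3E '>'."""
    return bytes(ord(c) & 0xFF for c in text)


def lossy_fold_encode(text: str) -> bytes:
    """Illustrative broken encoder that folds compatibility characters to ASCII first.
    NFKC maps U+FF1C FULLWIDTH LESS-THAN SIGN to '<' and U+FF1E to '>'."""
    return unicodedata.normalize("NFKC", text).encode("iso-8859-1", errors="replace")


def safe_encode(text: str) -> bytes:
    """Strict Latin-1 with numeric character references for everything it cannot represent.
    No transformation of a non-ASCII code point can yield a raw '<' or '>' byte."""
    return text.encode("iso-8859-1", errors="xmlcharrefreplace")


def contains_markup_bytes(data: bytes) -> bool:
    """Output-side check: the test that should be applied to what is actually emitted."""
    return any(bytes([b]) in b"<>\"'&" for b in data)


def run_demo() -> dict:
    ascii_payload = "<script>alert(1)</script>"
    # Look-alike payloads (constructed): pass the input filter, reach '<script>' after encoding.
    truncation_payload = "\u013cscript\u013ealert(1)\u013c/script\u013e"
    fold_payload = "\uff1cscript\uff1ealert(1)\uff1c/script\uff1e"
    return {
        "ascii_blocked": not naive_filter_passes(ascii_payload),
        "truncation_passes_filter": naive_filter_passes(truncation_payload),
        "truncation_output": lossy_truncate_encode(truncation_payload),
        "fold_passes_filter": naive_filter_passes(fold_payload),
        "fold_output": lossy_fold_encode(fold_payload),
        "safe_truncation_output": safe_encode(truncation_payload),
        "safe_fold_output": safe_encode(fold_payload),
        "safe_emits_markup": contains_markup_bytes(safe_encode(truncation_payload))
        or contains_markup_bytes(safe_encode(fold_payload)),
        "lossy_emits_markup": contains_markup_bytes(lossy_truncate_encode(truncation_payload)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The practical rule this illustrates: escape or validate in the representation that is actually emitted, after the last transformation, and make encoders fail closed (error or character reference) rather than approximate.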

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4747 N/A

2014-07-26 2014-07-26

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-4748 N/A

2014-07-26 2014-07-26

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Vendor(s): N/A

Affected OS(s) / software(s): N/A